nanog mailing list archives
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
From: "Edward B. DREGER" <eddy+public+spam () noc everquick net>
Date: Mon, 4 Jun 2007 21:12:05 +0000 (GMT)
JS> Date: Mon, 04 Jun 2007 12:20:38 -0700 JS> From: Jim Shankland JS> If what you meant to say is that NAT provides no security benefits JS> that can't also be provided by other means, then I completely What Owen said is that "[t]here's no security gain from not having real IPs on machines". That is a true statement. Moreover... Provider: "We're seeing WormOfTheDay.W32 from 90.80.70.60." Downstream: "That's our firewall." Provider: "Chances are you have one or more compromised hosts behind your firewall." Downstream: "But we have 150 workstations. How do we find which one(s)?" Bonus points for finding downstreams who understand "NIDS", "monitor port", "state mapping tables", et cetera. :-) In the big picture, I submit that NAT *worsens* the security situation. Of course, the cost falls to "other people" -- a topic that inevitably launches a protracted thread. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita
Current thread:
- Re: Security gain from NAT, (continued)
- Re: Security gain from NAT Matthew Palmer (Jun 04)
- Re: Security gain from NAT Matthew Kaufman (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Tony Hain (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Dorn Hetzel (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Daniel Senie (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Richard P. Welty (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Dave Israel (Jun 04)
- Re: Security gain from NAT Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Fred Baker (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Larry Smith (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Lamar Owen (Jun 04)
- Enterprise IPv6 (Was: Cool IPv6 Stuff/Security gain from NAT) Nathan Ward (Jun 04)